On Tue, 4 Feb 2003, Kurt Roeckx wrote:

> I know how it works, it's just very unlikely I'll ever meet
> someone so it gives me a good chain.

One postgresql conference is all it takes.

> Anyway, I think pgp is good thing to do, just don't assume that
> it's always better than just md5.

I think it is. Even if you can't personally trust the signature properly,
it offers much more opportunity to discover a forgery because if you grab
the signing key when it's first published, the acquisition of the key and
the potentially forged binary are separated in time, making substitution
of both much more difficult.

Someone can easily change an MD5 signature file that's sitting right next
to a binary on an FTP server. Someone can not easily change a PGP key that's
already sitting in your keyring on your computer.

cjs
-- 
Curt Sampson  <[EMAIL PROTECTED]>   +81 90 7737 2974   http://www.netbsd.org
    Don't you know, in this new Dark Age, we're all light.  --XTC

---------------------------(end of broadcast)---------------------------
TIP 6: Have you searched our list archives?

http://archives.postgresql.org
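
The comparison made in the message above, as an added example that is not part of the original post: a download checked against an MD5 file served from the same place, and against a signature checked with a key stored locally beforehand. Textbook RSA with small fixed primes stands in for PGP here (an assumption, not secure), and every name and sample byte string is constructed for illustration.

```python
import hashlib

# Toy textbook-RSA key standing in for a PGP signing key. NOT secure:
# small well-known primes and no padding. All names are hypothetical.
P, Q = 2**127 - 1, 2**89 - 1           # two Mersenne primes
N, E = P * Q, 65537                    # public key, fetched once and kept locally
D = pow(E, -1, (P - 1) * (Q - 1))      # private key, held only by the publisher


def digest_int(data: bytes) -> int:
    """SHA-256 of the data, reduced into the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def publisher_sign(data: bytes) -> int:
    """Signature the publisher uploads next to the release."""
    return pow(digest_int(data), D, N)


def build_mirror(binary: bytes) -> dict:
    """Files as the publisher places them on the server."""
    return {"bin": binary,
            "md5": hashlib.md5(binary).hexdigest(),
            "sig": publisher_sign(binary)}


def replace_on_server(mirror: dict, new_binary: bytes) -> dict:
    """Write access to the server: binary and .md5 are both rewritten.
    The private key is not on the server, so the old .sig is all that is left."""
    return {"bin": new_binary,
            "md5": hashlib.md5(new_binary).hexdigest(),
            "sig": mirror["sig"]}


def verify_md5(mirror: dict) -> bool:
    """Checksum check: everything compared comes from the same server."""
    return hashlib.md5(mirror["bin"]).hexdigest() == mirror["md5"]


def verify_pinned(mirror: dict, pinned_key=(N, E)) -> bool:
    """Signature check against the key already in the local keyring."""
    n, e = pinned_key
    return pow(mirror["sig"], e, n) == digest_int(mirror["bin"])


GENUINE = build_mirror(b"constructed release tarball bytes")
SWAPPED = replace_on_server(GENUINE, b"constructed substituted bytes")
```

On the genuine files both checks pass; on the swapped files the MD5 check still passes and only the check against the locally stored key fails.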
